Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - April 28, 2005

by Marianna Schmudlach / April 28, 2005 2:14 AM PDT

W32/Mytob-BT
Summary

Type Worm

W32/Mytob-BT is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-BT is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011). The patch for the operating system vulnerability exploited by W32/Mytob-BT can be obtained from the Microsoft website link below:
MS04-011
The worm also drops a file called hellmsn.exe (detected by Sophos as W32/Mytob-D) in the root folder. This component attempts to spread the worm by sending the aforementioned SCR files through Windows Messenger to all online contacts.

http://www.sophos.com/virusinfo/analyses/w32mytobbt.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - April 28, 2005
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - April 28, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
W32/Sdbot-XP
by Marianna Schmudlach / April 28, 2005 2:16 AM PDT

Type Worm

W32/Sdbot-XP is a worm which attempts to spread to remote network shares. It also contains Trojan functionality, allowing unauthorised remote access to the infected computer.
W32/Sdbot-XP moves itself to the Windows system folder as msnmsgr.exe and creates entries in the registry so as to run itself on system startup.

http://www.sophos.com/virusinfo/analyses/w32sdbotxp.html

Collapse -
W32/Sdbot-XQ
by Marianna Schmudlach / April 28, 2005 2:17 AM PDT

Type Worm

W32/Sdbot-XQ is a worm which attempts to spread to remote network shares. The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Sdbot-XQ copies itself to the Windows system folder as msnplus1.exe and creates entries in the registry to run itself on system startup.

http://www.sophos.com/virusinfo/analyses/w32sdbotxq.html

Collapse -
W32/Sdbot-XR
by Marianna Schmudlach / April 28, 2005 2:19 AM PDT

Type Worm

W32/Sdbot-XR is an IRC backdoor Trojan and network worm.
W32/Sdbot-XR attempts to spread to remote network shares protected by weak passwords and computers vulnerable to common exploits, including LSASS (MS04-011), RPC-DCOM (MS04-012) and WKS (MS03-049). For patches for these vulnerabilities, see:
MS04-011
MS04-012
MS03-049
W32/Sdbot-XR opens up a backdoor, allowing unauthorised remote access to the infected computer via the IRC network, while running in the background as a service process.
W32/Sdbot-XR can receive commands from a remote attacker allowing them to control the infected computer.
The worm creates a file "msdirectx.sys" which is detected by Sophos as Troj/NtRootK-F.

http://www.sophos.com/virusinfo/analyses/w32sdbotxr.html

Collapse -
W32/Sdbot-XS
by Marianna Schmudlach / April 28, 2005 2:20 AM PDT

Type Worm

W32/Sdbot-XS is a member of the W32/Sdbot family of network worms. The worm can spread to weakly protected network shares.
The worm has a backdoor component that connects to a preconfigured IRC channel, allowing an attacker to issue instructions to the worm, thus giving access to an infected computer.
W32/Sdbot-XS can be instructed to flood remote computers with network traffic; disable DCOM and attempt to delete the C$, D$, IPC$ and ADMIN$ network shares; steal product keys; upload, download and execute files; and scan for remote computers to spread to.

http://www.sophos.com/virusinfo/analyses/w32sdbotxs.html

Collapse -
W32/Sdbot-XT
by Marianna Schmudlach / April 28, 2005 2:21 AM PDT

Type Worm

W32/Sdbot-XT is a network worm with backdoor Trojan functionality for the Windows platform.
The worm spreads through network shares protected by weak passwords, MS-SQL servers and through various operating system vulnerabilities.

http://www.sophos.com/virusinfo/analyses/w32sdbotxt.html

Collapse -
W32/Rbot-ABJ
by Marianna Schmudlach / April 28, 2005 2:23 AM PDT

Type Worm

W32/Rbot-ABJ is a worm which attempts to spread to remote network shares. The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process.
W32/Rbot-ABJ copies itself to the Windows system folder as AVAMX.EXE and creates entries in the registry so as to run itself on system startup.

http://www.sophos.com/virusinfo/analyses/w32rbotabj.html

Collapse -
Troj/Zapchas-H
by Marianna Schmudlach / April 28, 2005 2:24 AM PDT

Aliases Backdoor.IRC.Zapchast

Type Trojan

Troj/Zapchas-H is a backdoor Trojan which allows a remote intruder to gain access and control over the computer via IRC channels.
The backdoor includes functions that allow a remote intruder to upload and download files, run programs and steal CD keys.

http://www.sophos.com/virusinfo/analyses/trojzapchash.html

Collapse -
W32/Banish-A
by Marianna Schmudlach / April 28, 2005 6:15 AM PDT

Type Worm

W32/Banish-A is a mass-mailing worm with password-stealing functionality.
Emails sent by the worm have the following characteristics:
Subject line:
OK. Read the attached instructions to solve the problem.
Here are the details.
Re: Thank you for your choice.
Thank you for shopping. This mail contains your invoice.
Thank you. Your credit card was processed successfully.
Attached file:
A filename chosen from those in the current user's "Recent Documents" folder.
W32/Banish-A also spreads by exploiting the following vulnerabilities:
LSASS (MS04-011)
IIS5 (MS04-011)
W32/Banish-A contains the following message:
ExiliuM SerieS A
In honour to all the people that were, are, or will be forced
to leave their homelands. NO MORE EXILED PEOPLE, NO MORE WARS
(c)ThE ExpaTRiatE 2005

http://www.sophos.com/virusinfo/analyses/w32banisha.html

Collapse -
Troj/Agent-DM
by Marianna Schmudlach / April 28, 2005 6:16 AM PDT
Collapse -
Troj/Dloader-MW
by Marianna Schmudlach / April 28, 2005 6:18 AM PDT
Collapse -
Troj/LZDrop-A
by Marianna Schmudlach / April 28, 2005 6:19 AM PDT
Collapse -
Troj/Agent-DO
by Marianna Schmudlach / April 28, 2005 6:21 AM PDT
Collapse -
help
by richardmumford / May 15, 2005 3:49 AM PDT
In reply to: Troj/Agent-DO

has anyone yet managed to delete this trojan as even working with Sophos I still cannot get rid of it - help me please - regards Richard Mumford

Collapse -
Did you have a look
by Marianna Schmudlach / May 15, 2005 3:57 AM PDT
In reply to: help
Collapse -
Troj/Iefeat-AH
by Marianna Schmudlach / April 28, 2005 6:22 AM PDT

Aliases Trojan-Downloader.Win32.Agent.bc
Adware-SearchAid
Trojan.Downloader.Agent-104


Type Trojan

Troj/Iefeat-AH is a Trojan for the Windows platform.
The Trojan attempts to download and execute files from a remote site.
Troj/Iefeat-AH may drop a file detected as Troj/Dloader-AQ.

http://www.sophos.com/virusinfo/analyses/trojiefeatah.html

Collapse -
Troj/Dappo-A
by Marianna Schmudlach / April 28, 2005 6:24 AM PDT

Aliases EXPL_IFRAMEBO.A

Type Trojan

Troj/Dappo-A is a Javascript Trojan downloader for the Windows platform.
Troj/Dappo-A may be contained in an HTML page which when viewed with Internet Explorer attempts to download and run a file from a preconfigured internet site.
The downloaded file is currently detected by Sophos as Troj/Sharp-G.
Troj/Dappo-A exploits a vulnerability in Internet Explorer.
A patch for the vulnerability exploited by Troj/Dappo-A is available from Microsoft at:
MS05-020

http://www.sophos.com/virusinfo/analyses/trojdappoa.html

Collapse -
Troj/Ablank-W
by Marianna Schmudlach / April 28, 2005 6:25 AM PDT
Collapse -
VBS/Confi-A
by Marianna Schmudlach / April 28, 2005 6:27 AM PDT

Type Worm

VBS/Confi-A is a worm for the Windows platform.
VBS/Confi-A can be transmitted by floppy disk as the file "folder.htt". The worm will be accompanied by the file "desktop.ini" that references the file "folder.htt".
When run, VBS/Confi-A attempts to copy itself to drive A: if a disk is present. The worm also copies the files "folder.htt" and "desktop.ini" to the Windows system folder as "MSkernel.con" and "MSkernel32.com" respectively.
The worm may load up Internet Explorer repeatedly on a pornographic website.
After a preconfigured number of executions, the worm will attempt to delete all files and folder from drives C:, D: and E:.

http://www.sophos.com/virusinfo/analyses/vbsconfia.html

Collapse -
W32/MyDoom-BN
by Marianna Schmudlach / April 28, 2005 8:16 AM PDT

Aliases Email-Worm.Win32.Mydoom.as
W32/Mydoom.bn@MM

Type Worm

W32/MyDoom-BN is a member of the W32/MyDoom family of email worms.
As the other members of the MyDoom family W32/MyDoom-BN opens notepad to display the file message that contains random strings.
As the other MyDoom worms W32/MyDoom-BN scans the filesystem and mounted shares for email addresses.
The worm may listen on ports exposing a backdoor which can be made use of by potential attackers.

http://www.sophos.com/virusinfo/analyses/w32mydoombn.html

Collapse -
Troj/Ablank-V
by Marianna Schmudlach / April 28, 2005 8:18 AM PDT
Collapse -
W32/Mytob-BB
by Marianna Schmudlach / April 28, 2005 8:19 AM PDT

Type Worm

W32/Mytob-BB is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-BB is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).

http://www.sophos.com/virusinfo/analyses/w32mytobbb.html

Collapse -
Troj/Lowzone-Y
by Marianna Schmudlach / April 28, 2005 8:21 AM PDT
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?